CVE-2024-46674

Updated: 2024-09-14 04:51:20.719689

Description:

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undo_platform_dev_alloc" is entirely bogus. It drops the reference count from the platform device being probed. If error path is triggered, this will lead to unbalanced device reference counts and premature release of device resources, thus possible use-after-free when releasing remaining devm-managed resources.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Not Vulnerable 2024-09-26 17:27:09
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH Not Vulnerable 2024-09-19 12:25:17
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Not Vulnerable 2024-09-26 17:27:09
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Not Vulnerable 2024-09-26 17:27:09
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Not Vulnerable 2024-09-23 12:22:04
Ubuntu 16.04 ELS linux 4.4.0 7.8 HIGH Released CLSA-2024:1727816002 2024-10-01 17:31:37
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.8 HIGH Released CLSA-2024:1727817159 2024-10-01 17:32:01
Ubuntu 18.04 ELS linux 4.15.0 7.8 HIGH Released CLSA-2024:1727817133 2024-10-01 17:31:38